import android.text.Spanned;
import android.text.TextUtils;
import android.text.TextWatcher;
+import android.text.method.LinkMovementMethod;
import android.util.Log;
import android.view.Menu;
import android.view.MenuInflater;
private CheckBox mBlockIPv6;
private Spinner mSelectSelectedAppsHandling;
private RelativeLayout mSelectApps;
+ private TextInputLayoutHelper mIkeProposalWrap;
+ private EditText mIkeProposal;
+ private TextInputLayoutHelper mEspProposalWrap;
+ private EditText mEspProposal;
@Override
public void onCreate(Bundle savedInstanceState)
mSelectSelectedAppsHandling = (Spinner)findViewById(R.id.apps_handling);
mSelectApps = (RelativeLayout)findViewById(R.id.select_applications);
+ mIkeProposal = (EditText)findViewById(R.id.ike_proposal);
+ mIkeProposalWrap = (TextInputLayoutHelper)findViewById(R.id.ike_proposal_wrap);
+ mEspProposal = (EditText)findViewById(R.id.esp_proposal);
+ mEspProposalWrap = (TextInputLayoutHelper)findViewById(R.id.esp_proposal_wrap);
+ /* make the link clickable */
+ ((TextView)findViewById(R.id.proposal_intro)).setMovementMethod(LinkMovementMethod.getInstance());
+
final SpaceTokenizer spaceTokenizer = new SpaceTokenizer();
mName.setTokenizer(spaceTokenizer);
mRemoteId.setTokenizer(spaceTokenizer);
mProfile.getPort() != null || mProfile.getNATKeepAlive() != null ||
(flags != null && flags != 0) || (st != null && st != 0) ||
mProfile.getIncludedSubnets() != null || mProfile.getExcludedSubnets() != null ||
- mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE;
+ mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE ||
+ mProfile.getIkeProposal() != null || mProfile.getEspProposal() != null;
}
mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE);
mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE);
mProfile.setSplitTunneling(st == 0 ? null : st);
mProfile.setSelectedAppsHandling(mSelectedAppsHandling);
mProfile.setSelectedApps(mSelectedApps);
+ String ike = mIkeProposal.getText().toString().trim();
+ mProfile.setIkeProposal(ike.isEmpty() ? null : ike);
+ String esp = mEspProposal.getText().toString().trim();
+ mProfile.setEspProposal(esp.isEmpty() ? null : esp);
}
/**
mBlockIPv6.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6) != 0);
mSelectedAppsHandling = mProfile.getSelectedAppsHandling();
mSelectedApps = mProfile.getSelectedAppsSet();
+ mIkeProposal.setText(mProfile.getIkeProposal());
+ mEspProposal.setText(mProfile.getEspProposal());
flags = mProfile.getFlags();
useralias = mProfile.getUserCertificateAlias();
local_id = mProfile.getLocalId();
android:id="@+id/select_applications"
layout="@layout/two_line_button" />
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_marginTop="10dp"
+ android:layout_marginBottom="10dp"
+ android:layout_marginLeft="4dp"
+ android:layout_marginStart="4dp"
+ android:textSize="20sp"
+ android:text="@string/profile_proposals_label" />
+
+ <TextView
+ android:id="@+id/proposal_intro"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_marginTop="10dp"
+ android:layout_marginBottom="10dp"
+ android:layout_marginLeft="4dp"
+ android:textSize="12sp"
+ android:text="@string/profile_proposals_intro" />
+
+ <org.strongswan.android.ui.widget.TextInputLayoutHelper
+ android:id="@+id/ike_proposal_wrap"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ app:helper_text="@string/profile_proposals_ike_hint" >
+
+ <android.support.design.widget.TextInputEditText
+ android:id="@+id/ike_proposal"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:singleLine="true"
+ android:inputType="textNoSuggestions"
+ android:hint="@string/profile_proposals_ike_label" />
+
+ </org.strongswan.android.ui.widget.TextInputLayoutHelper>
+
+ <org.strongswan.android.ui.widget.TextInputLayoutHelper
+ android:id="@+id/esp_proposal_wrap"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ app:helper_text="@string/profile_proposals_esp_hint" >
+
+ <android.support.design.widget.TextInputEditText
+ android:id="@+id/esp_proposal"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:singleLine="true"
+ android:inputType="textNoSuggestions"
+ android:hint="@string/profile_proposals_esp_label" />
+
+ </org.strongswan.android.ui.widget.TextInputLayoutHelper>
+
</LinearLayout>
</LinearLayout>
<string name="profile_select_no_apps">Keine Apps ausgewählt</string>
<string name="profile_select_one_app">Eine App ausgewählt</string>
<string name="profile_select_x_apps">%1$d Apps ausgewählt</string>
+ <string name="profile_proposals_label">Algorithmen</string>
+ <string name="profile_proposals_intro">Optionale spezifische Algorithmen für IKEv2 und/oder IPsec/ESP die statt der Standardwerte verwendet werden sollen. Eine <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">Liste gültiger Algorithmen</a> kann unserem Wiki entnommen werden (nicht alle werden von dieser App unterstützt). Beide Felder erwarten eine Liste von Algorithmen, jeweils mit einem Bindestrich getrennt.</string>
+ <string name="profile_proposals_ike_label">IKEv2 Algorithmen</string>
+ <string name="profile_proposals_ike_hint">Für non-AEAD/klassische Verschlüsselungsalgorithmen wird ein Integritätsalgorithmus, eine pseudozufällige Funktion (PRF, optional, ansonsten wird eine auf dem Integritätsalgorithmus basierende verwendet) und eine Diffie-Hellman Gruppe benötigt (z.B. aes256-sha256-ecp256). Für kombinierte/AEAD Algorithmen wird der Integritätsalgorithmus weggelassen aber eine PRF wird benötigt (z.B. aes256gcm16-prfsha256-ecp256).</string>
+ <string name="profile_proposals_esp_label">IPsec/ESP Algorithmen</string>
+ <string name="profile_proposals_esp_hint">Für non-AEAD/klassische Verschlüsselungsalgorithmen wird ein Integritätsalgorithmus benötigt, eine Diffie-Hellman Gruppe ist optional (z.B. aes256-sha256 oder aes256-sha256-ecp256). Für kombinierte/AEAD Algorithmen wird der Integritätsalgorithmus weggelassen (z.B. aes256gcm16 oder aes256gcm16-ecp256). Falls eine DH Gruppe angegeben wird, kommt während dem IPsec SA Rekeying ein DH Schlüsselaustausch zur Anwendung. Beim initialen Verbindungsaufbau hat eine DH Gruppe hier keinen Einfluss, weil die Schlüssel dort von der IKE SA abgeleitet werden. Deshalb wird eine Fehlkonfiguration mit dem Server erst später während dem Rekeying zu einem Fehler führen.</string>
<string name="profile_import">VPN Profile importieren</string>
<string name="profile_import_failed">VPN Profil-Import fehlgeschlagen</string>
<string name="profile_import_failed_detail">VPN Profil-Import fehlgeschlagen: %1$s</string>
<string name="profile_select_no_apps">No applications selected</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
+ <string name="profile_proposals_label">Algorithms</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
+ <string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
+ <string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
+ <string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
<string name="profile_select_no_apps">No applications selected</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
+ <string name="profile_proposals_label">Algorithms</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
+ <string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
+ <string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
+ <string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
<string name="profile_select_no_apps">No applications selected</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
+ <string name="profile_proposals_label">Algorithms</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
+ <string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
+ <string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
+ <string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
<string name="profile_select_no_apps">No applications selected</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
+ <string name="profile_proposals_label">Algorithms</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
+ <string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
+ <string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
+ <string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
<string name="profile_import">导入VPN配置</string>
<string name="profile_import_failed">导入VPN配置失败</string>
<string name="profile_import_failed_detail">导入VPN配置失败: %1$s</string>
<string name="profile_select_no_apps">No applications selected</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
+ <string name="profile_proposals_label">Algorithms</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
+ <string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
+ <string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
+ <string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
<string name="profile_import">匯入VPN設定檔</string>
<string name="profile_import_failed">匯入VPN設定檔失敗</string>
<string name="profile_import_failed_detail">匯入VPN設定檔失敗: %1$s</string>
<string name="profile_select_no_apps">No applications selected</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
+ <string name="profile_proposals_label">Algorithms</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
+ <string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
+ <string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
+ <string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
projects / thirdparty / strongswan.git / commitdiff
